Skip to content

Commit ad08653

Browse files
dependabot[bot]fealebenpae
dependabot[bot]
authored and
fealebenpae
committed
Bump github.com/hashicorp/vault/api from 1.14.0 to 1.16.0 (#4091)
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.14.0 to 1.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/releases">github.com/hashicorp/vault/api's releases</a>.</em></p> <blockquote> <h2>v1.16.0</h2> <h2>1.16.0</h2> <h3>March 26, 2024</h3> <p>SECURITY:</p> <ul> <li>auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [<a href="https://redirect.github.com/hashicorp/vault/pull/25649">GH-25649</a>]</li> <li>auth/cert: validate OCSP response was signed by the expected issuer and serial number matched request [<a href="https://redirect.github.com/hashicorp/vault/pull/26091">GH-26091</a>]</li> <li>secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [<a href="https://redirect.github.com/hashicorp/vault/pull/22852">GH-22852</a>]</li> </ul> <p>CHANGES:</p> <ul> <li>Upgrade grpc to v1.58.3 [<a href="https://redirect.github.com/hashicorp/vault/pull/23703">GH-23703</a>]</li> <li>Upgrade x/net to v0.17.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/23703">GH-23703</a>]</li> <li>api: add the <code>enterprise</code> parameter to the <code>/sys/health</code> endpoint [<a href="https://redirect.github.com/hashicorp/vault/pull/24270">GH-24270</a>]</li> <li>auth/alicloud: Update plugin to v0.16.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/25014">GH-25014</a>]</li> <li>auth/alicloud: Update plugin to v0.17.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25217">GH-25217</a>]</li> <li>auth/approle: Normalized error response messages when invalid credentials are provided [<a href="https://redirect.github.com/hashicorp/vault/pull/23786">GH-23786</a>]</li> <li>auth/azure: Update plugin to v0.16.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/22795">GH-22795</a>]</li> <li>auth/azure: Update plugin to v0.17.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25258">GH-25258</a>]</li> <li>auth/cf: Update plugin to v0.16.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25196">GH-25196</a>]</li> <li>auth/gcp: Update plugin to v0.16.2 [<a href="https://redirect.github.com/hashicorp/vault/pull/25233">GH-25233</a>]</li> <li>auth/jwt: Update plugin to v0.19.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/24972">GH-24972</a>]</li> <li>auth/jwt: Update plugin to v0.20.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25326">GH-25326</a>]</li> <li>auth/jwt: Update plugin to v0.20.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/25937">GH-25937</a>]</li> <li>auth/kerberos: Update plugin to v0.10.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/22797">GH-22797</a>]</li> <li>auth/kerberos: Update plugin to v0.11.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25232">GH-25232</a>]</li> <li>auth/kubernetes: Update plugin to v0.18.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25207">GH-25207</a>]</li> <li>auth/oci: Update plugin to v0.14.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/22774">GH-22774</a>]</li> <li>auth/oci: Update plugin to v0.15.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/25245">GH-25245</a>]</li> <li>cli: Using <code>vault plugin reload</code> with <code>-plugin</code> in the root namespace will now reload the plugin across all namespaces instead of just the root namespace. [<a href="https://redirect.github.com/hashicorp/vault/pull/24878">GH-24878</a>]</li> <li>cli: <code>vault plugin info</code> and <code>vault plugin deregister</code> now require 2 positional arguments instead of accepting either 1 or 2. [<a href="https://redirect.github.com/hashicorp/vault/pull/24250">GH-24250</a>]</li> <li>core (enterprise): Seal High Availability (HA) must be enabled by <code>enable_multiseal</code> in configuration.</li> <li>core: Bump Go version to 1.21.8.</li> <li>database/couchbase: Update plugin to v0.10.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/25275">GH-25275</a>]</li> <li>database/elasticsearch: Update plugin to v0.14.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25263">GH-25263</a>]</li> <li>database/mongodbatlas: Update plugin to v0.11.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25264">GH-25264</a>]</li> <li>database/redis-elasticache: Update plugin to v0.3.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25296">GH-25296</a>]</li> <li>database/redis: Update plugin to v0.2.3 [<a href="https://redirect.github.com/hashicorp/vault/pull/25289">GH-25289</a>]</li> <li>database/snowflake: Update plugin to v0.10.0 [<a href="https://redirect.github.com/hashicorp/vault/pull/25143">GH-25143</a>]</li> <li>database/snowflake: Update plugin to v0.9.1 [<a href="https://redirect.github.com/hashicorp/vault/pull/25020">GH-25020</a>]</li> <li>events: Remove event noficiations websocket endpoint in non-Enterprise [<a href="https://redirect.github.com/hashicorp/vault/pull/25640">GH-25640</a>]</li> <li>events: Source URL is now <code>vault://{vault node}</code> [<a href="https://redirect.github.com/hashicorp/vault/pull/24201">GH-24201</a>]</li> <li>identity (enterprise): POST requests to the <code>/identity/entity/merge</code> endpoint are now always forwarded from standbys to the active node. [<a href="https://redirect.github.com/hashicorp/vault/pull/24325">GH-24325</a>]</li> <li>plugins/database: Reading connection config at <code>database/config/:name</code> will now return a computed <code>running_plugin_version</code> field if a non-builtin version is running. [<a href="https://redirect.github.com/hashicorp/vault/pull/25105">GH-25105</a>]</li> <li>plugins: Add a warning to the response from sys/plugins/reload/backend if no plugins were reloaded. [<a href="https://redirect.github.com/hashicorp/vault/pull/24512">GH-24512</a>]</li> <li>plugins: By default, environment variables provided during plugin registration will now take precedence over system environment variables.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG-v1.10-v1.15.md">github.com/hashicorp/vault/api's changelog</a>.</em></p> <blockquote> <h2>1.15.16 Enterprise</h2> <h3>October 09, 2024</h3> <p>SECURITY:</p> <ul> <li>secrets/identity: A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their privileges to Vault's root policy (CVE-2024-9180) <a href="https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565">HCSEC-2024-21</a></li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>core: log at level ERROR rather than INFO when all seals are unhealthy. [<a href="https://redirect.github.com/hashicorp/vault/pull/28564">GH-28564</a>]</li> </ul> <p>BUG FIXES:</p> <ul> <li>auth/cert: When using ocsp_ca_certificates, an error was produced though extra certs validation succeeded. [<a href="https://redirect.github.com/hashicorp/vault/pull/28597">GH-28597</a>]</li> <li>auth/token: Fix token TTL calculation so that it uses <code>max_lease_ttl</code> tune value for tokens created via <code>auth/token/create</code>. [<a href="https://redirect.github.com/hashicorp/vault/pull/28498">GH-28498</a>]</li> </ul> <h2>1.15.15 Enterprise</h2> <h3>September 25, 2024</h3> <p>SECURITY:</p> <ul> <li>secrets/ssh: require <code>valid_principals</code> to contain a value or <code>default_user</code> be set by default to guard against potentially insecure configurations. <code>allow_empty_principals</code> can be used for backwards compatibility [HCSEC-2024-20](<a href="https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/7025">https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/7025</a></li> </ul> <p>CHANGES:</p> <ul> <li>core: Bump Go version to 1.22.7.</li> <li>secrets/ssh: Add a flag, <code>allow_empty_principals</code> to allow keys or certs to apply to any user/principal. [<a href="https://redirect.github.com/hashicorp/vault/pull/28466">GH-28466</a>]</li> </ul> <p>BUG FIXES:</p> <ul> <li>secret/aws: Fixed potential panic after step-down and the queue has not repopulated. [<a href="https://redirect.github.com/hashicorp/vault/pull/28330">GH-28330</a>]</li> <li>auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG. [<a href="https://redirect.github.com/hashicorp/vault/pull/28450">GH-28450</a>]</li> <li>auth/cert: ocsp_ca_certificates field was not honored when validating OCSP responses signed by a CA that did not issue the certificate. [<a href="https://redirect.github.com/hashicorp/vault/pull/28309">GH-28309</a>]</li> <li>auth: Updated error handling for missing login credentials in AppRole and UserPass auth methods to return a 400 error instead of a 500 error. [<a href="https://redirect.github.com/hashicorp/vault/pull/28441">GH-28441</a>]</li> <li>core: Fixed an issue where maximum request duration timeout was not being added to all requests containing strings sys/monitor and sys/events. With this change, timeout is now added to all requests except monitor and events endpoint. [<a href="https://redirect.github.com/hashicorp/vault/pull/28230">GH-28230</a>]</li> </ul> <h2>1.15.14 Enterprise</h2> <h3>August 29, 2024</h3> <p>CHANGES:</p> <ul> <li>activity (enterprise): filter all fields in client count responses by the request namespace [<a href="https://redirect.github.com/hashicorp/vault/pull/27790">GH-27790</a>]</li> <li>core: Bump Go version to 1.22.6</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>activity log: Changes how new client counts in the current month are estimated, in order to return more visibly sensible totals. [<a href="https://redirect.github.com/hashicorp/vault/pull/27547">GH-27547</a>]</li> <li>activity: <code>/sys/internal/counters/activity</code> will now include a warning if the specified usage period contains estimated client counts. [<a href="https://redirect.github.com/hashicorp/vault/pull/28068">GH-28068</a>]</li> <li>cli: <code>vault operator usage</code> will now include a warning if the specified usage period contains estimated client counts. [<a href="https://redirect.github.com/hashicorp/vault/pull/28068">GH-28068</a>]</li> <li>core/activity: Ensure client count queries that include the current month return consistent results by sorting the clients before performing estimation [<a href="https://redirect.github.com/hashicorp/vault/pull/28062">GH-28062</a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault/commit/c20eae3e84c55bf5180ac890b83ee81c9d7ded8b"><code>c20eae3</code></a> [VAULT-25372] This is an automated pull request to build all artifacts for a ...</li> <li><a href="https://github.com/hashicorp/vault/commit/6f4631e83cdfcb5acd153755c59810b3b945fcf0"><code>6f4631e</code></a> backport of commit 792eb3b8c314fc82b46883fcf61227687026829d (<a href="https://redirect.github.com/hashicorp/vault/issues/26132">#26132</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/314b34d0bce98ed7f051ea070f49e91616f051e4"><code>314b34d</code></a> Backport of doc: Add kault library reference into release/1.16.x (<a href="https://redirect.github.com/hashicorp/vault/issues/26130">#26130</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/6ff205fb86348fe0ae9ee3542abc691f5b440cf8"><code>6ff205f</code></a> Backport of Clarify wrapping token language into release/1.16.x (<a href="https://redirect.github.com/hashicorp/vault/issues/26126">#26126</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/58752185df6e2a52e59805038f1f8dd3a5a3c4d9"><code>5875218</code></a> backport of commit de7c905477d53391bed6a404d43f8ce3789d0a8e (<a href="https://redirect.github.com/hashicorp/vault/issues/26128">#26128</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/d623bceab6b8d1a7f7c27bd55fbd872f42e0158c"><code>d623bce</code></a> backport of commit f661f4354ceb36bc9208f5474a19355d3a1016fe (<a href="https://redirect.github.com/hashicorp/vault/issues/26124">#26124</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/4bfb02751dcdbd8f3d91671b3965b5e9458d78cc"><code>4bfb027</code></a> backport of commit fa469f8bdc469570b8edaa72517433305ce2e26d (<a href="https://redirect.github.com/hashicorp/vault/issues/26122">#26122</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/bc9c84492684425d919f0f6459b0b4d1d65261d0"><code>bc9c844</code></a> backport of commit 3df09357b25b5180b2147f35dd669d83f37ac547 (<a href="https://redirect.github.com/hashicorp/vault/issues/26121">#26121</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/6a694d0d55729ee5b589bdaf15e62dd263e485ed"><code>6a694d0</code></a> Backport of Docs/vault 23837/sync doc update into release/1.16.x (<a href="https://redirect.github.com/hashicorp/vault/issues/26058">#26058</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/84bc41c8d7d3c6b7728ee893d1180290b4381562"><code>84bc41c</code></a> backport of commit 7b939bdbfd628b3870473f840a9ef5aee228927f (<a href="https://redirect.github.com/hashicorp/vault/issues/26117">#26117</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v1.14.0...v1.16.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/vault/api&package-manager=go_modules&previous-version=1.14.0&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end)
1 parent 4720faf commit ad08653

File tree

3 files changed

+8
-8
lines changed

3 files changed

+8
-8
lines changed

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ require (
1010
github.com/google/uuid v1.6.0
1111
github.com/hashicorp/go-multierror v1.1.1
1212
github.com/hashicorp/go-retryablehttp v0.7.7
13-
github.com/hashicorp/vault/api v1.14.0
13+
github.com/hashicorp/vault/api v1.16.0
1414
github.com/imdario/mergo v0.3.15
1515
github.com/mongodb/mongodb-kubernetes-operator v0.12.1-0.20250203171630-423b6ebbf169
1616
github.com/pkg/errors v0.9.1
@@ -40,7 +40,7 @@ require google.golang.org/protobuf v1.36.1 // indirect
4040

4141
require (
4242
github.com/beorn7/perks v1.0.1 // indirect
43-
github.com/cenkalti/backoff/v3 v3.0.0 // indirect
43+
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
4444
github.com/cespare/xxhash/v2 v2.3.0 // indirect
4545
github.com/davecgh/go-spew v1.1.1 // indirect
4646
github.com/emicklei/go-restful/v3 v3.11.0 // indirect

go.sum

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
44
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
55
github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
66
github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
7-
github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
8-
github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
7+
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
8+
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
99
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
1010
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
1111
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -97,8 +97,8 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
9797
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
9898
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
9999
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
100-
github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
101-
github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
100+
github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
101+
github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
102102
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
103103
github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
104104
github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=

licenses.csv

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11

22
github.com/beorn7/perks/quantile,v1.0.1,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT
33
github.com/blang/semver,v3.5.1,https://github.com/blang/semver/blob/v3.5.1/LICENSE,MIT
4-
github.com/cenkalti/backoff/v3,v3.0.0,https://github.com/cenkalti/backoff/blob/v3.0.0/LICENSE,MIT
4+
github.com/cenkalti/backoff/v4,v4.3.0,https://github.com/cenkalti/backoff/blob/v4.3.0/LICENSE,MIT
55
github.com/cespare/xxhash/v2,v2.3.0,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT
66
github.com/davecgh/go-spew/spew,v1.1.1,https://github.com/davecgh/go-spew/blob/v1.1.1/LICENSE,ISC
77
github.com/emicklei/go-restful/v3,v3.11.0,https://github.com/emicklei/go-restful/blob/v3.11.0/LICENSE,MIT
@@ -31,7 +31,7 @@ github.com/hashicorp/go-secure-stdlib/parseutil,v0.1.6,https://github.com/hashic
3131
github.com/hashicorp/go-secure-stdlib/strutil,v0.1.2,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0
3232
github.com/hashicorp/go-sockaddr,v1.0.2,https://github.com/hashicorp/go-sockaddr/blob/v1.0.2/LICENSE,MPL-2.0
3333
github.com/hashicorp/hcl,v1.0.0,https://github.com/hashicorp/hcl/blob/v1.0.0/LICENSE,MPL-2.0
34-
github.com/hashicorp/vault/api,v1.14.0,https://github.com/hashicorp/vault/blob/api/v1.14.0/api/LICENSE,MPL-2.0
34+
github.com/hashicorp/vault/api,v1.16.0,https://github.com/hashicorp/vault/blob/api/v1.16.0/api/LICENSE,MPL-2.0
3535
github.com/imdario/mergo,v0.3.15,https://github.com/imdario/mergo/blob/v0.3.15/LICENSE,BSD-3-Clause
3636
github.com/josharian/intern,v1.0.0,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT
3737
github.com/json-iterator/go,v1.1.12,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT

0 commit comments

Comments
 (0)